Computer systems today are vulnerable to a variety of malicious attacks that compromise system integrity in a number of ways. Some examples of these attacks may include denial-of-service attack (where computer functionality is unavailable to users), stealing secrets (where confidential information on the computer is made known to an unauthorized user, and corruption of functionality (where an unauthorized user invokes computer functionality but incorrect behavior results.
Computer systems are vulnerable to these kinds of attacks primarily because computers were not designed from inception with the intent of providing security against these kinds of attacks. Instead, computer vendors attempt to patch security functionality onto their existing systems in response to each new threat that is discovered. The result is a mixture of security relative components that attempt to provide security in their aggregate behavior. However, experience has shown that this type of “defense in depth” strategy has not been effective at deterring the most capable attackers and that new computer vulnerabilities and corresponding exploits continue to appear. Vendors and attackers are therefore engaged in a tit-for-tat struggle of exposing new exploits and then securing against each exposed exploit.
To avoid the type of reactive posture that vendors typically tend to take, it may be desirable to provide a structure that is designed to be secure at its core, and therefore is less likely to be exposed to continued development of exploits. Accordingly, it may be desirable to continue to develop improved and/or more efficient mechanisms by which protection against malware may be provided.